Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
Vulnerability Description
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
AVideo 授权问题漏洞
Vulnerability Description
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 8.1版本存在授权问题漏洞,该漏洞源于跨站请求伪造,可能导致攻击者利用密码恢复机制重置用户密码。
CVSS Information
N/A
Vulnerability Type
N/A